ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Closed incidents get recreated


Article ID: 200435


Updated On:


Advanced Threat Protection Platform Endpoint Detection and Response Endpoint Protection with Endpoint Detection and Response


When reviewing incidents on the Symantec Endpoint Detection and Response (SEDR) appliance, it is noted that a new incident is created that contains events from the same date and time as those in a previously closed incident.  The incident continues to get generated even though the incident is repeatedly closed.


A SEP client policy has become corrupted.


Update the SEP client policy for the client(s) in question.

For details, see the following topic in the SEP Installation and Administration Guide::